Type Juggling in PHP Switch - Juggling Facts [HackTheBoo CTF 2022]

preview_player
Показать описание
Type juggling is a really interesting PHP vulerability that happens when a developer uses == to compare two items that might be of different types, and can lead to some unexpected behavior. Juggling Facts can be exploited by noticing that the switch statement in PHP uses a loose comparison, not a strict one. This video will cover all of this, and exploit type juggling to get the flag.

[00:00] Introduction
[00:27] Webpage enumeration
[02:19] Looking at source, starting with docker
[03:26] PHP source analysis
[04:15] getfacts endpoint
[05:39] Type juggling analysis
[08:08] Switch type juggling example in PHP terminal
[10:30] Get flag in Burp Repeater
  1. 0xdf
Рекомендации по теме
Type Juggling in 0:11:47

Type Juggling in PHP Switch - Juggling Facts [HackTheBoo CTF 2022]

PHP Type Juggling 0:17:00

PHP Type Juggling - Why === is Important - Bug Bounty Tips

Type Juggling Magic: 0:07:16

Type Juggling Magic: Why PHP thinks 0 and 'password' are the same [Capture The Flag Fundam...

PHP : Type 0:03:34

PHP : Type Juggling

PHP Type Juggling 0:00:54

PHP Type Juggling | Loose Comparison | PHP object Injection #shorts #short

How to prevent 0:02:39

How to prevent PHP type juggling vulnerabilities

Type Juggling and 0:10:24

Type Juggling and Coercion in PHP

EP011: Exploiting PHP 0:14:50

EP011: Exploiting PHP type juggling in Urdu / Hindi

05 k php 0:10:00

05 k php type juggling

Introduction to PHP 0:08:50

Introduction to PHP || Juggling Types

Grilujeme PHP - 0:08:41

Grilujeme PHP - HackTheBox/Juggling Facts - PHP Type Juggling

Authentication Bypass in 0:11:33

Authentication Bypass in PHP | PHP Type Juggling

14. Type Casting 0:06:37

14. Type Casting | PHP Tutorial | Basic to Advanced | PHP 8.2

ED81 - PHP 0:45:35

ED81 - PHP Type Juggling

PHP Type Juggling, 0:22:33

PHP Type Juggling, LFI and Command Injection - Solution to April '23 Challenge

what you mean 0:01:00

what you mean type juggling in php

34 Type Casting 0:03:49

34 Type Casting in PHP

Hack The Box 0:15:57

Hack The Box - Juggling Facts (Easy) - Live Walkthrough

Type Casting in 0:01:00

Type Casting in PHP - MasteringCode Reels #shorts

HTB - Juggling 0:09:53

HTB - Juggling Facts

PHP Type casting 0:04:32

PHP Type casting - Lecture 18 (PHP Tutorial)

PHP Tutorial: Type 0:01:00

PHP Tutorial: Type Casting to Integer - Part-14 #shorts#phptutorial

Do you want 0:00:16

Do you want to better your life? #philippines #angelescity #expat #pampanga #travelvlog

type cast in 0:02:16

type cast in php | phpstarters | #typecasting

Комментарии
Автор

I'm really enjoying your videos of all these challenges, you are doing a great job job explaining everything, I really like doing challenges and finding good videos or writeups is not as common as it's with machines

alphariusomegon
Автор

Awesome straight forward, quick, easy to understand videos! Hope you keep it up you're amazing.

InfoSecIntel